Wazuh and ELK


sv1c0m

May 9, 2022, 11:09:31 AM
to Wazuh mailing list
Hi, I have deployed an ELK cluster with OpenSearch and I would like to integrate Wazuh, but I don't really understand the difference between them. Also, with the new release, I am a little confused because the Wazuh services work very similarly to the ELK services, so what do you recommend? What is the best option? I think that if I deploy the new release of Wazuh, it is going to be the same as having ELK and Wazuh together.

Thank you so much.

Alejandro Ruiz Becerra

May 9, 2022, 11:51:43 AM
to Wazuh mailing list
Hello!

That's a perfectly justified doubt.

Wazuh uses Elastic / OpenSearch as its search engine, so the common architecture until now has been to install Elastic / OpenSearch and then install Wazuh and connect it to the search engine. Finally, our App was to be installed on Kibana as a plugin.

With the release of 4.3.0, we have simplified this architecture, although essentially speaking it is the same, as seen in the diagrams below.
We have forked OpenSearch (which was forked from ElasticSearch) and OpenSearch Dashboards (which was forked from Kibana) and we have named them Wazuh Indexer and Wazuh Dashboards and applied some changes to better fulfill our needs. Also, our App (the plugin) is now installed with the Wazuh Dashboards out of the box, so there is no need to manually install it later on.

Architecture comparison: before 4.3.0 / after 4.3.0
[Images: deployment_pre.png, deployment1.png]

Note that the diagram is the same, but the names of the components change. Also note that the Wazuh Manager is now named Wazuh Server.

As we have taken ownership of these components, installing and configuring Wazuh is now simpler than ever, which is our main objective at this time: to make it easy to use and understand, so everyone can get started as fast as possible.

That said, my advice would be to move directly to 4.3.0 and use the new components and installation guide.

I hope I have cleared up your doubts. If not, please don't hesitate to ask me anything, and I'll gladly help you.

Regards,
Alex

Bhaskar Patel

May 13, 2022, 8:14:22 AM
to Wazuh mailing list
Hi,

Is there any solution available in Wazuh ELK where the log is directly stored in a .json file and then, from the console, I can see it on the dashboard? So, the intention is old ossec raw archive.log want not want to process.

output is storage saving and performance.

  
Thanks,
Bhaskar Patel.

Bhaskar Patel

May 19, 2022, 2:50:29 PM
to Wazuh mailing list


Hi all,

Can I use wazuh with our ossec archive log created wazuh can work with direct its own format.

This will save my space.
